eth-safe
So it’s all over my RSS feeds that Jon Miller (the same bloke who hacked the iPhone) managed to hack a MacBook Air at the CanSecWest security conference (oh, and pardon my use of the term “hacking” and not “cracking”, but I’ve been around the block for a while and to me crackers are tasteless cookies; the media can paint whatever picture they want, I was there).
The interesting bit (at least to me) about all this is that the first day of the competition was solely network-based attacks, while after the second day the attackers could ask the organizers to perform some actions as a regular user would (open emails, webpages, launch apps). The Air, Vista and Ubuntu boxes all survived the attacks done over the network; it was only in the following part of the competition that the hackers had any success…
So the spin on this is that a computer out of the box (whatever flavor that might be) has some real level of security even with default configurations. The fact that social engineering and phishing are much more likely to leave your computer hostage is in fact the line in the sand that signals the beginning of the much harder task of making users security-aware. Stop blaming the OSes and applications and start pointing fingers at the users.